Postfix myhostname suggestion has trailing '.' Where is the bug? In dhclient, postfix or where?

Question

After a minimal debian stretch installation using (debian-9.8.0-amd64-netinst.iso), where hostname is left at the default debian and domain was left empty, installing postfix fails because the detected fully qualified hostname contains a trailing . character.

I think it is dhclient that saves the resolv.conf file on a minimal install without Network Manager. It has trailing . characters in its search clause even though the DHCP server doesn't send any (see below).

If hostname --fqdn is empty, postfix looks in resolv.conf with sed and finds and tries to use the FQDN with the trailing . which causes postfix installation to fail (see below).

Where is the bug? In postfix.postinst, in dhclient, with my understanding or somewhere else?

In reality this fails when installing postfix from a Dockerfile, but the same behavior is seen with a minimal debian installation, so it isn't really Docker related, apart from the fact that you can't control the FQDN of the "host"/container during docker build so we run into this problem. The workaround is of course to patch resolv.conf before installing postfix, but that is very much a hack. (Unless you have a better idea?)

Details:

/etc/hosts:

127.0.0.1   localhost
127.0.1.1   debian

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf

domain capmon.lan
search capmon.lan. capmon.
nameserver 10.10.10.251

Now running apt-get install postfix:

<snip>
setting myhostname: debian.capmon.lan.
setting alias maps
setting alias database
mailname is not a fully qualified domain name.  Not changing /etc/mailname.
setting destinations: $myhostname, debian, localhost.localdomain, , localhost
setting relayhost: 
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
setting inet_protocols: all

Postfix (main.cf) is now set up with a default configuration.  If you need to 
make changes, edit /etc/postfix/main.cf (and others) as needed.  To view 
Postfix configuration values, see postconf(1).

After modifying main.cf, be sure to run 'service postfix reload'.

Running newaliases
newaliases: warning: valid_hostname: misplaced delimiter: debian.capmon.lan.
newaliases: fatal: file /etc/postfix/main.cf: parameter myhostname: bad parameter value: debian.capmon.lan.
dpkg: error processing package postfix (--configure):
 subprocess installed post-installation script returned error exit status 75
Processing triggers for systemd (232-25+deb9u12) ...
Processing triggers for rsyslog (8.24.0-1) ...
Errors were encountered while processing:
 postfix
E: Sub-process /usr/bin/dpkg returned an error code (1)

And that is because postfix's myhostname has a trailing .:

# grep ^myhostname /etc/postfix/main.cf
myhostname = debian.capmon.lan.

And that is because /var/lib/dpkg/info/postfix.postinst has:

# The resolver uses the last one found, and ignores the rest
mydom=$(sed -n 's/^search[[:space:]]*\([^[:space:]]*\).*/\1/p;s/^domain[[:space:]]*\([^[:space:]]*\).*/\1/p' /etc/resolv.conf | tail -1)
myhostname="$myhostname${mydom:+.$mydom}"

and sure enough:

# sed -n 's/^search[[:space:]]*\([^[:space:]]*\).*/\1/p' /etc/resolv.conf
capmon.lan.

I've checked (also in the transmitted bytes), and the DHCP server does not send trailing . characters:

Answer 1

The problem is in /var/lib/dpkg/info/postfix.postinst.

Consider the Debian versions with their respective postfix versions, and all fails with the same error 75 in post-installation script:

• stretch has postfix 3.1.15-0+deb9u1 (not longer supported, last release in February 2020)
• buster has postfix 3.4.14-0+deb10u1
• bullseye has postfix 3.5.6-1+b1

And all of them share the following in the function myfqdn:

mydom=$(sed -n 's/^search[[:space:]]*\([^[:space:]]*\).*/\1/p;s/^domain[[:space:]]*\([^[:space:]]*\).*/\1/p' /etc/resolv.conf | tail -1)
myhostname="$myhostname${mydom:+.$mydom}"

On the other hand

• bookworm has postfix 3.6.4-1

And differs in myfqdn:

#                                                                                   
mydom=$(sed -n 's/^search[[:space:]]*\.*\([^[:space:]]*\).*/\1/p;s/^domain[[:space:]]*\.*\([^[:space:]]*\).*/\1/p' /etc/resolv.conf | tail -1)
# removes the trailing ., but appends another in the middle if ${mydom%.} is not empty:
myhostname="$myhostname${mydom:+.${mydom%.}}"

And avoid the . in the group matched by the regex.

Therefore, there are possible solutions:

• Use Debian bookworm (but in Jan 2022 it's for testing).

• Download postfix from source code.

• After the apt-get install postfix (even with the error code 75) run:

  $ postconf myhostname=<yourhostname>
  

  Where <yourhostname> can be $(hostname -f).

---

Minimal reproducible example (with docker):

For Debian bookworm

# Dockerfile

# also works with ubuntu:focal
FROM debian:bookworm

RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y postfix \
    && rm -rf /var/lib/apt/lists/*

# try it!
$ docker build -t mail:debian.bookworm .
$ docker run --rm mail:debian.bookworm sh -c "postconf -h myhostname && service postfix start && service postfix status"